

Anatomy of an Immediate Insight Proof-of-Concept

Mar 29, 2016, by Jeff Barker

Background

Today’s reality for IT Security and Operations teams is that there are more activities to perform than hours in the day, so before evaluating any product it helps to understand the scope of effort and time required to assess its value to your organization. This document describes the typical process and timeline for evaluating Immediate Insight. Preparation and installation normally take 60 minutes. After installation and a minimal data collection period, the system is available for users to ask questions of their data and follow the non-obvious associations across data silos.

To confirm that data is coming into the system, either search for everything (leave the search field blank) over the past hour, view the Dataflow collectors status screen, or use the Firehose to watch the incoming data live.

Download the “Situations to Watch” Pinboard from the Immediate Insight Knowledgebase (available here) and upload it to Immediate Insight via the Drag & Drop Import (Import as Blob). The installed Pinboard provides a sample of commonly used searches.

Data Collection - Let the system run for 24-48 hours, collecting data.

Explore the Data

Once data is in Immediate Insight, simply ask questions of the data; results are returned very quickly. The following common exploration use cases help users familiarize themselves with the system’s capabilities and get started extracting actionable insights from their data to improve security and operations.

Common exploration use cases:

Needle finding

Leave the search field blank, select the last 24 hours and run a search

Select the most unusual to see the events that occur most infrequently in the past 24 hours.

Leave the search field blank, select the last 24 hours and run a search

Select location

Select table icon to see all locations ordered by frequency

Select a location to see all the associated events

Data anomalies

Enter any search, or leave it blank, for the desired timeframe

Select most common

Select most unusual

The common and unusual data clusters are displayed

Click through any of the clusters to see a sample of event details. Click on an event detail to pivot the search and isolate the cluster. Select events, location, or entities for other views into the data.

New/changed

Leave the search field blank, select the last 24 hours and run a search

Select trending

Select compare to previous period to compare results from the past 24 hours with the previous 24 hours.

Toggle through trending up, new, missing, etc.

Focused then Retrospective

Leave the search field blank, select the last 24 hours and run a search

Select timeline

Select a bar in the timeline to drill in

Pivot search on desired entity

Select past 7 days

NOT US Locations

Enter NOT US in the search field, select the last 24 hours and run a search

Select Entities

Select any location, address, or name to pivot the search

Select + (for AND) and – (for NOT) to create more complex searches

NOT denied AND CN

Enter NOT denied AND CN, select the last 24 hours and run a search

Pivot search on any internal addresses to see the associated events

Pivot, trending, unusual

Firehose

Leave the search field blank, select the last 24 hours and run a search

Select the follow arrow and select an entity

The Firehose view shows a live stream of all events for the selected entity as they happen

Saving searches (bookmarks) and Pinning bookmarks to the board

Enter a search query and timeframe and run the search

Select add bookmark from the menu on the upper right side of the interface

Add a guide and category to pin the search

Pinned searches are displayed on the second page of the main search screen
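The exploration views above (most unusual, most common, the location table, trending against the previous period, and the NOT/AND searches) are all frequency questions asked of the collected events. The following Python is an added illustration, not Immediate Insight's own code: it reproduces those questions over a constructed set of firewall events. The event format, the IP-masking cluster key and the NOT/AND query semantics are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events, not real data: (timestamp, location, message).
NOW = datetime(2016, 3, 29, 12, 0)
EVENTS = [(NOW - timedelta(hours=h), loc, msg) for h, loc, msg in [
    (1, "US", "accept tcp 10.1.1.5 -> 10.1.2.9:443"),
    (2, "US", "accept tcp 10.1.1.5 -> 10.1.2.9:443"),
    (3, "US", "accept tcp 10.1.1.5 -> 10.1.2.9:443"),
    (4, "RU", "accept tcp 10.1.1.9 -> 198.51.100.9:8443"),
    (5, "CN", "denied tcp 203.0.113.7 -> 10.1.1.5:22"),
    (6, "CN", "accept tcp 10.1.1.8 -> 203.0.113.7:443"),
    (7, "DE", "accept udp 10.1.1.5 -> 192.0.2.10:53"),
    (8, "DE", "accept udp 10.1.1.6 -> 192.0.2.10:53"),
    (30, "US", "accept tcp 10.1.1.5 -> 10.1.2.9:443"),
    (31, "RU", "denied tcp 198.51.100.2 -> 10.1.1.5:22"),
    (35, "US", "denied udp 10.1.1.5 -> 192.0.2.10:123"),
    (40, "US", "accept udp 10.1.1.5 -> 192.0.2.10:53"),
]]

def window(events, start_h, end_h=0):  # NOW-start_h <= ts < NOW-end_h; (24, 0) = last 24 hours
    return [e for e in events if NOW - timedelta(hours=start_h) <= e[0] < NOW - timedelta(hours=end_h)]
def signature(msg):
    # Cluster key: mask IP addresses so events of one kind count together
    # (an assumed, deliberately simple clustering, not the product's own).
    return re.sub(r"\d+\.\d+\.\d+\.\d+", "<addr>", msg)
def clusters(events, most_unusual=True):
    """Event clusters, rarest first (most unusual) or commonest first (most common)."""
    counts = Counter(signature(m) for _, _, m in events)
    return sorted(counts.items(), key=lambda kv: (kv[1] if most_unusual else -kv[1], kv[0]))
def locations(events):
    """Locations ordered by frequency, like the location table view."""
    return Counter(loc for _, loc, _ in events).most_common()
def compare_periods(current, previous):
    """Trending view: clusters that are new, missing or trending up versus the previous period."""
    cur = Counter(signature(m) for _, _, m in current)
    prev = Counter(signature(m) for _, _, m in previous)
    return {"new": sorted(cur.keys() - prev.keys()),
            "missing": sorted(prev.keys() - cur.keys()),
            "trending_up": sorted(s for s in cur if s in prev and cur[s] > prev[s])}
def search(events, query):
    """Minimal 'term', 'NOT term', 'AND' evaluator (assumed semantics, not the product's)."""
    hits = events
    for term in query.split(" AND "):
        negate = term.startswith("NOT ")
        word = term[4:] if negate else term
        hits = [e for e in hits if (word in e[1] or word in e[2]) != negate]
    return hits
```

Run `clusters(window(EVENTS, 24))` for the needle-finding view, `compare_periods(window(EVENTS, 24), window(EVENTS, 48, 24))` for the trending comparison, and `search(window(EVENTS, 24), "NOT denied AND CN")` for the pivoted search from the use cases above.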

Jeff, as VP of Product Management for Immediate Insight, is continuing his pursuit of making data analysis more accessible. Jeff cofounded the Immediate Insight data analysis platform, which was acquired by FireMon in 2015. He leverages 25 years of successes and failures in creating and developing markets, driving product strategy, and leading teams in both startup and public networking and security companies to create a new breed of data analysis required to discover the unknown in today’s mobile, virtual, and cloud-enabled environments.
